Lucene search
K

518 matches found

Cvelist
Cvelist
added 2026/02/27 8:40 a.m.23 views

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

6.5CVSS0.00199EPSS
Exploits0References6
CVE
CVE
added 2026/02/27 8:40 a.m.20 views

CVE-2026-1626

The vulnerability CVE-2026-1626 affects SICK LMS1000 and SICK MRS1000 devices, where the SSH service may accept weak CBC-based cipher suites. This could allow an attacker with network access to observe or manipulate portions of SSH communications. Red Hat and other sources corroborate a CBC-relat...

9.1CVSS5.9AI score0.00199EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 5:30 p.m.2 views

CVE-2026-27795 LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery SSRF bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects...

4.1CVSS5.5AI score0.00206EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.6 views

PT-2026-21256

Name of the Vulnerable Software and Affected Versions OpenSourcePOS version 3.4.1 Description The application contains a Local File Inclusion LFI issue within the Sales.php::getInvoice function. An attacker can potentially read arbitrary files on the web server by manipulating the Invoice Type...

5.6AI score0.00575EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.5 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS5.9AI score0.01633EPSS
Exploits2References5
Rapid7 Blog
Rapid7 Blog
added 2026/02/10 6:0 p.m.11 views

Measuring AI Security: Separating Signal from Panic

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/10 12:54 p.m.3 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS5.9AI score0.01633EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/02/02 10:2 a.m.4 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00633EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.7 views

MiracleLinux 3 : openssh-4.3p2-29.2AXS3 (AXSA:2009-395:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-395:02 advisory. SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure...

3.7CVSS6.9AI score0.15395EPSS
Exploits1References2
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50919

Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without...

9.8CVSS6.5AI score0.0119EPSS
Exploits1References3
NVD
NVD
added 2026/01/13 11:15 p.m.8 views

CVE-2022-50919

Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without...

9.8CVSS0.0119EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/13 7:17 p.m.4 views

EUVD-2026-2022

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

8.7CVSS6.3AI score0.00172EPSS
Exploits0References7
CVE
CVE
added 2026/01/13 7:17 p.m.14 views

CVE-2025-68931

Jervis (net.gleske:jervis) before version 2.2 uses AES/CBC/PKCS5Padding without authentication, making it susceptible to padding oracle attacks and ciphertext manipulation. The issue is fixed in Jervis 2.2 by migrating to AES/GCM/NoPadding. Affected products: Jervis library for Job DSL plugin scr...

8.7CVSS6.4AI score0.00172EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/13 2:56 p.m.4 views

GHSA-GXP5-MV27-VJCJ Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...

8.7CVSS6.8AI score0.00172EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/01/13 2:56 p.m.10 views

Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...

8.7CVSS6.9AI score0.00172EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.8 views

PT-2026-2395

Name of the Vulnerable Software and Affected Versions Tdarr version 2.00.15 Description The software contains an unauthenticated remote code execution issue in its Help terminal. An attacker can inject and chain arbitrary commands due to a lack of input filtering. Specifically, an attacker can us...

9.8CVSS8.4AI score0.0119EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

Jervis 加密问题漏洞

Jervis is an automation tool from the personal developer Sam Gleske. Versions of Jervis prior to 2.2 suffer from a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padded predicate attacks and ciphertext manipulati...

8.7CVSS5.8AI score0.00172EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 6:2 a.m.10 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...

7.5CVSS8AI score0.9378EPSS
Exploits5Affected Software1
CVE
CVE
added 2025/12/15 8:28 p.m.10 views

CVE-2023-53872

Wp2Fac 1.0 has an OS command injection vulnerability in the send.php endpoint. The vulnerability allows remote attackers to execute arbitrary system commands by injecting shell commands through the numara parameter (using & to chain commands). Impact is described as high for confidentiality, inte...

9.3CVSS8AI score0.0107EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.10 views

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

9.3CVSS8.1AI score0.0107EPSS
Exploits0References7
Rows per page
Query Builder